HACKER Q&A
📣 lechuhuuha

Getting blacklisted when trying to check if email can be delivered


Hi all. My website runs an email verification that queries the SMTP server and performs these commands:

Note: the MAIL FROM {myemail}@mydomain is not real, and my server doesn't have SPF and DKIM yet.

HELO mydomain

MAIL FROM:

RCPT TO:

QUIT

After running these commands I got blacklisted on the eXploits Blocklist (XBL) & CSS Blocklist (CSS). I checked the issue on Spamhaus and this is the detailed information:

(IP, UTC timestamp, HELO value)

{hide my ip :O} outlook.com

Notable things about the HELOs:

They are often dynamic-looking rDNS, and claim to be from geographically very different networks.

They can include impossible HELOs like "gmail.com", "outlook.com", "comcast.net" - Gmail, Outlook and Comcast do not use these. These are all fake.

The cause of this problem is frequently found to be coming from a phone or laptop with a "free" VPN or channel unlocker, or "free" streaming apps. This can be caused by a spambot infection or a server misconfiguration.

First check that the HELO settings are correct. This can be done by sending an email from {hide my ip :O} to "helocheck@abuseat.org". A bounce that contains the required information will be returned immediately. It will look like an error. It is not. Please examine the information in the body of the email. NOTE: "helocheck@abuseat.org" does not currently work with IPv6.

If the HELO settings are correct, then there is a spambot or some other kind of malware!

What steps do I need to take in order to not get blacklisted like this in the future? Thanks in advance!


  👤 bradknowles Accepted Answer ✓
So, I was the Sr. Internet Mail Administrator at the beginning of what I think most consider to be the real breakout of the Internet — 1995. I’m also co-author of the SAGE Booklet “Internet Postmaster: Duties and Responsibilities”. And I’ve been in the anti-spam community for a very long time.

One thing I’ve learned is that you simply cannot validate an e-mail address using the methods you’ve described. Far too many e-mail addresses are not actually deliverable, even if you get a “220 OK” response at that stage. Too much processing is done on the message after the envelope has been transmitted.

For a period of time, people thought that they could automate e-mail address validation (as you have described) as part of the process of receiving an e-mail message. That is, when your server receives the envelope information, before you allow that sender to proceed any further, you call out to validate the e-mail address that they just gave you.

But there’s no actual authentication there, so you look like a spammer.

Moreover, your e-mail address validation process can be abused to do a denial-of-service attack on anyone they don’t like — just set up a bunch of spambots that all claim to be sending e-mail from victim@example.org, and then watch all those servers doing e-mail address validation just completely nuke the mail servers for example.org. That’s also called a reflection attack.

To put it simply, don’t do e-mail address validation. At least, don’t use the early part of the SMTP protocol to do it.

Instead, send them a real message. Tell them why you’re sending it. Ask for them to reply. If they don’t reply, then the e-mail address might or might not be valid, or they might just be ignoring you. Or they might have complained about your message to their mail server operators, who have then added you to a blacklist.

You won’t know for sure in those cases, but the more information you give them explaining why you’re trying to send them e-mail, the more likely you are to get a positive response. And hopefully, the less likely you are to get blacklisted.
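
The exchange the question describes and the point the accepted answer makes (a 250 at RCPT TO does not mean the mailbox exists) in working code, as an added example that is not part of the original thread. The SMTP server is an in-process stand-in so it runs offline; the domains example.org/example.net, the mailbox lists and the probe sender are constructed for illustration, and the `catch_all` flag models a receiving MTA that accepts every recipient at the envelope stage and sorts the mail out after DATA.

```python
"""Simulated SMTP envelope 'callout' as an email-verification probe."""
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

REPLY_RE = re.compile(r"^(\d{3})[ -](.*)$")


def parse_reply(line: str) -> Tuple[int, str]:
    """Split one SMTP reply line into (numeric code, text)."""
    m = REPLY_RE.match(line)
    if not m:
        raise ValueError(f"malformed SMTP reply: {line!r}")
    return int(m.group(1)), m.group(2)


@dataclass
class FakeSMTPServer:
    """Envelope stage of a receiving MTA (constructed stand-in, no network).

    catch_all=True models a server that accepts every RCPT TO for its domain
    and sorts the mail out (or bounces it) after DATA, which is why a 250 at
    this stage does not prove the mailbox exists.
    """
    domain: str
    mailboxes: Set[str]
    catch_all: bool = False
    helo_seen: Optional[str] = None   # what ends up in the server's logs
    sender: Optional[str] = None

    def greeting(self) -> str:
        return f"220 mx.{self.domain} ESMTP ready"

    def handle(self, command: str) -> str:
        verb, _, arg = command.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.helo_seen = arg.strip()
            return f"250 mx.{self.domain} Hello {self.helo_seen}"
        if verb == "MAIL":
            self.sender = arg.partition(":")[2].strip().strip("<>")
            return "250 2.1.0 Sender OK"
        if verb == "RCPT":
            if self.sender is None:
                return "503 5.5.1 Need MAIL command first"
            rcpt = arg.partition(":")[2].strip().strip("<>")
            local, _, dom = rcpt.rpartition("@")
            if dom.lower() != self.domain:
                return "550 5.7.1 Relaying denied"
            if self.catch_all or local.lower() in self.mailboxes:
                return "250 2.1.5 Recipient OK"
            return "550 5.1.1 User unknown"
        if verb == "QUIT":
            return "221 2.0.0 Bye"
        return "500 5.5.1 Command unrecognized"


def callout_verify(server: FakeSMTPServer, helo: str, mail_from: str,
                   rcpt_to: str) -> Tuple[str, List[Tuple[str, str]]]:
    """Run HELO / MAIL FROM / RCPT TO / QUIT and judge the address by the
    RCPT reply alone, exactly as the probe in the question does."""
    transcript = [("S", server.greeting())]
    verdict = "unknown"
    for cmd in (f"HELO {helo}", f"MAIL FROM:<{mail_from}>",
                f"RCPT TO:<{rcpt_to}>", "QUIT"):
        reply = server.handle(cmd)
        transcript += [("C", cmd), ("S", reply)]
        code, _ = parse_reply(reply)
        if cmd.startswith("RCPT"):
            verdict = "accepted" if code == 250 else "rejected"
        elif code >= 400:
            verdict = "error"
            break
    return verdict, transcript


def demo() -> dict:
    """Probe a strict server and a catch-all server with a made-up sender."""
    strict = FakeSMTPServer("example.org", {"alice"})
    lax = FakeSMTPServer("example.net", {"bob"}, catch_all=True)
    probe = dict(helo="mydomain", mail_from="probe@mydomain")  # bare HELO, not an FQDN
    return {
        "strict/alice": callout_verify(strict, rcpt_to="alice@example.org", **probe)[0],
        "strict/nobody": callout_verify(strict, rcpt_to="nobody@example.org", **probe)[0],
        "catchall/nobody": callout_verify(lax, rcpt_to="nobody@example.net", **probe)[0],
        "helo_logged": strict.helo_seen,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The catch-all case is the one that matters: `nobody@example.net` comes back "accepted" even though no such mailbox exists, so the probe learns nothing reliable, while the receiving side has logged a bare "mydomain" HELO and a sender that can never be replied to, which is the footprint blocklists key on.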


👤 egberts1
First of all, EHLO (and HELO) are nearly non-essential to proper SMTP operation of email delivery, but are more of a rudimentary authentication factor of "please confirm what their mail server domain name is".

If you trigger enough mismatched EHLOs against their expected mailing domain name, into the spam dustbin your IP address goes. And if their mail server is beefy, into the blackhole list (RBL/DNSBL) too!
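
What "check that the HELO settings are correct" (the Spamhaus text in the question) and the mismatched-EHLO point above amount to in code, as an added example that is not part of the original thread or of Spamhaus's helocheck: does the HELO name look like a fully qualified hostname, does it resolve to the connecting IP, and does the IP's PTR resolve back (forward-confirmed rDNS). DNS is replaced by two constructed in-memory tables so it runs offline; every IP and hostname in them is made up (the outlook.com entry stands for "a name this IP has no right to claim"). In a real check the two lookup functions would be swapped for resolver calls.

```python
"""HELO/EHLO and reverse-DNS consistency check (constructed, offline)."""
import ipaddress
import re
from typing import Dict, List, Optional

LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
DYNAMIC_TOKENS = {"dyn", "dynamic", "dhcp", "pool", "ppp", "dsl", "cable"}

# Constructed A and PTR data standing in for real DNS (assumption: in a
# real check these two tables become lookups via dns.resolver or socket).
FORWARD: Dict[str, List[str]] = {
    "mail.example.org": ["203.0.113.10"],
    "outlook.com": ["198.51.100.5"],  # some other network entirely
}
REVERSE: Dict[str, str] = {
    "203.0.113.10": "mail.example.org",
    "203.0.113.77": "203-0-113-77.dyn.example.net",
}


def lookup_a(name: str, forward: Dict[str, List[str]] = FORWARD) -> List[str]:
    return forward.get(name.lower().rstrip("."), [])


def lookup_ptr(ip: str, reverse: Dict[str, str] = REVERSE) -> Optional[str]:
    return reverse.get(ip)


def is_fqdn(name: str) -> bool:
    """At least two valid DNS labels; a bare 'mydomain' fails."""
    labels = name.rstrip(".").split(".")
    return len(labels) >= 2 and all(LABEL_RE.match(l) for l in labels)


def looks_dynamic(ptr: str, ip: str) -> bool:
    """Heuristic for generic/dynamic rDNS: dyn/dhcp/pool labels, or the IP
    octets embedded in the name."""
    p = ptr.lower()
    return bool(DYNAMIC_TOKENS & set(p.split("."))) or ip.replace(".", "-") in p


def check_helo(ip: str, helo: str,
               forward: Dict[str, List[str]] = FORWARD,
               reverse: Dict[str, str] = REVERSE) -> List[str]:
    """Return the list of problems a receiving MTA would find; an empty
    list means HELO and rDNS are consistent with the connecting IP."""
    problems: List[str] = []
    try:
        ipaddress.ip_address(ip)
    except ValueError:
        return [f"not an IP address: {ip!r}"]

    if helo.startswith("[") and helo.endswith("]"):
        # RFC 5321 address literal: only acceptable if it is the real IP
        if helo[1:-1] != ip:
            problems.append("HELO address literal does not match connecting IP")
    elif not is_fqdn(helo):
        problems.append("HELO is not a fully qualified hostname")
    else:
        addrs = lookup_a(helo, forward)
        if not addrs:
            problems.append("HELO name does not resolve")
        elif ip not in addrs:
            problems.append("HELO name does not resolve to the connecting IP")

    ptr = lookup_ptr(ip, reverse)
    if ptr is None:
        problems.append("no PTR record for the connecting IP")
    else:
        if ip not in lookup_a(ptr, forward):
            problems.append("PTR name does not resolve back to the IP (FCrDNS fails)")
        if looks_dynamic(ptr, ip):
            problems.append("PTR looks like a dynamic/generic name")
    return problems


if __name__ == "__main__":
    for ip, helo in [("203.0.113.10", "mail.example.org"),
                     ("203.0.113.10", "mydomain"),
                     ("203.0.113.77", "outlook.com")]:
        print(ip, helo, check_helo(ip, helo) or "OK")
```

Run the checks against your own sending IP before anything else: a bare `HELO mydomain` fails the first test on its own, and a host whose PTR is generic or does not round-trip fails the second regardless of what it sends in HELO.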